Share this article
ParaSwap confirmed it was investigating the incident.
ParaSwap “Investigating” Address Issue
ParaSwap may have suffered a hack, blockchain security firm Supremacy Inc. has reported.
1/ Hi @paraswap ,I heard that you want to see this? your deployer address private key may have been compromised (possibly due to Profanity vulnerability) and funds have been stolen on multiple chains.https://t.co/ijHaTwAj0l
— Supremacy Inc. (@Supremacy_CA) October 11, 2022
Supermacy Inc. first alerted ParaSwap to an issue in a Tuesday tweet storm. “Your deployer address private key may have been compromised (possibly due to Profanity vulnerability),” the warning read. “Funds have been stolen on multiple chains.”
ParaSwap was quick to respond to the posts, confirming that it was looking into the incident. “We’re investigating, but the address has no power after the deployment. Just paid the gas and retired. Profanity addresses usually have trailing zeros,” the team wrote.
Supremacy Inc. included an Etherscan link to ParaSwap’s deployer contract address. The wallet’s transaction history shows that someone with access to its private key made several transfers across Ethereum, BNB Chain, and Fantom earlier this morning, though they only withdrew a few hundred dollars in each transaction. Notably, the ParaSwap team did not confirm that it made the transactions in its response, nor did it deny any vulnerability.
Several members of the crypto community weighed in on Supremacy Inc.’s post shortly after it went live. “Still not as bad PR as the airdrop,” said UpOnly co-host Cobie, referring to ParaSwap’s divisive 2021 token airdrop, which used a strict distribution model that excluded many loyal users. PSP suffered shortly after the airdrop and never recovered; per CoinGecko data, it’s about 98.8% short of its all-time high today.
Update: In a follow-up tweet, ParaSwap said that it had found no sign of an exploit. “No vulnerability found! We’ll follow up with analysis & an explanation of what’s a deployer address and how we made sure they have no power at all!”
Editor’s note: An earlier version of this article incorrectly stated that ParaSwap’s contract address held 1.8 billion PSP tokens. It’s since been updated.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.